[Secure-testing-commits] r14955 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sat Jul 3 15:34:44 UTC 2010
Author: derevko-guest
Date: 2010-07-03 15:34:42 +0000 (Sat, 03 Jul 2010)
New Revision: 14955
Modified:
data/CVE/list
Log:
chromium issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-07-03 02:44:43 UTC (rev 14954)
+++ data/CVE/list 2010-07-03 15:34:42 UTC (rev 14955)
@@ -411,8 +411,9 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...)
- webkit <unfixed> (low)
- - chromium-browser <unfixed> (low)
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: poc seems to work, but only intermitently (maybe every 20th character)
+ NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation ...)
NOT-FOR-US: Subtitle Translation Wizard
CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to ...)
@@ -708,34 +709,34 @@
NOT-FOR-US: Symantec Sygate Personal Firewall
CVE-2010-2304 (The toAlphabetic function in rendering/RenderListMarker.cpp in WebCore ...)
- webkit <unfixed> (medium; bug #586547)
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59950
CVE-2010-2303 (page/Geolocation.cpp in WebCore in WebKit in Google Chrome before ...)
- webkit <unfixed>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59859
CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...)
- webkit <unfixed>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59876
CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in ...)
- webkit <unfixed>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59241
NOTE: http://trac.webkit.org/changeset/59242
CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes ...)
- webkit <undetermined>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59109
CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc ...)
- webkit <not-affected> (chromium-specific)
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
CVE-2010-2298 (browser/renderer_host/database_dispatcher_host.cc in Google Chrome ...)
- webkit <not-affected> (chromium-specific)
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome ...)
- webkit <unfixed>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...)
- webkit <undetermined>
@@ -743,7 +744,7 @@
NOTE: access to google bug report is restricted
CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...)
- webkit <unfixed>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/58829
CVE-2009-4900
RESERVED
@@ -2057,24 +2058,24 @@
NOT-FOR-US: Apple iPhone Passcode Lock
CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261
NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-1773
RESERVED
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508
NOTE: http://trac.webkit.org/changeset/59950
CVE-2010-1772
RESERVED
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388
NOTE: http://trac.webkit.org/changeset/59859
CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39453
NOTE: http://trac.webkit.org/changeset/59876
CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
@@ -2084,14 +2085,14 @@
NOTE: http://trac.webkit.org/changeset/59795
CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 ...)
- webkit <undetermined>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
TODO: someone with access to the webkit security list please track down commit
CVE-2010-1768
RESERVED
CVE-2010-1767
RESERVED
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843
NOTE: http://trac.webkit.org/changeset/57041
NOTE: if this is the right commit, then this is a dup of cve-2010-1501
@@ -2099,36 +2100,36 @@
CVE-2010-1766
RESERVED
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36339
NOTE: http://trac.webkit.org/changeset/56380
CVE-2010-1765
RESERVED
- webkit <not-affected> (doesn't include cf code)
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37933
NOTE: http://trac.webkit.org/changeset/57995
TODO: is this commit correct? its labeled as a "build fix"
CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=31410
NOTE: http://trac.webkit.org/changeset/55157
CVE-2010-1763 (Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on ...)
- webkit <not-affected> (vulnerable code introduced in svn58950, which isn't included in 1.2.1 yet)
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39008
NOTE: http://trac.webkit.org/changeset/59486
TODO: recheck newer webkit uploads
CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38922
NOTE: http://trac.webkit.org/changeset/59241
NOTE: http://trac.webkit.org/changeset/59242
CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760
NOTE: http://trac.webkit.org/changeset/59263
CVE-2010-1760
@@ -2139,12 +2140,12 @@
NOTE: http://trac.webkit.org/changeset/58409
CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38583
NOTE: http://trac.webkit.org/changeset/59109
CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
NOTE: http://trac.webkit.org/changeset/59098
CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
@@ -2171,7 +2172,7 @@
TODO: someone with access to the webkit security list please track down the commit
CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=27193
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625
NOTE: http://trac.webkit.org/changeset/45941
@@ -3124,24 +3125,24 @@
NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=26824
NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-1421 (The execCommand JavaScript function in WebKit in Apple Safari before ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751
NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-1420
RESERVED
CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37618
NOTE: http://trac.webkit.org/changeset/58616
CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38260
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36502
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
@@ -3150,34 +3151,34 @@
NOTE: http://trac.webkit.org/changeset/57627
CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001
NOTE: http://trac.webkit.org/changeset/58201
NOTE: if this commit is correct, this is a dup of cve-2010-1665
TODO: request rejection
CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36838
NOTE: http://trac.webkit.org/changeset/56810
CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36000
NOTE: http://trac.webkit.org/changeset/56420
CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35818
NOTE: http://trac.webkit.org/changeset/55783
CVE-2010-1413 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit <not-affected> (affected cf/iss code is not present)
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37230
NOTE: http://trac.webkit.org/changeset/57232
CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635
NOTE: http://trac.webkit.org/changeset/57759
NOTE: http://trac.webkit.org/changeset/57817
@@ -3185,40 +3186,40 @@
- tiff 3.9.4-1
CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35603
NOTE: http://trac.webkit.org/changeset/55511
CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34451
NOTE: http://trac.webkit.org/changeset/54193
CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36571
NOTE: http://trac.webkit.org/changeset/56489
NOTE: http://trac.webkit.org/changeset/56492
NOTE: http://trac.webkit.org/changeset/56879
CVE-2010-1407 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36435
NOTE: http://trac.webkit.org/changeset/56365
CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=30841
NOTE: http://trac.webkit.org/changeset/50226
NOTE: http://trac.webkit.org/changeset/50240
CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36198
NOTE: http://trac.webkit.org/changeset/56186
CVE-2010-1404 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35709
NOTE: http://trac.webkit.org/changeset/53446
CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
@@ -3229,74 +3230,74 @@
TODO: ^ this seems to be the commit for cve-2010-1404. what is the right one?
CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35598
NOTE: http://trac.webkit.org/changeset/55182
CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35353
NOTE: http://trac.webkit.org/changeset/55196
CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34734
NOTE: http://trac.webkit.org/changeset/54521
CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35599
NOTE: http://trac.webkit.org/changeset/46437
CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35305
NOTE: http://trac.webkit.org/changeset/55167
CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=32842
NOTE: http://trac.webkit.org/changeset/52034
NOTE: http://trac.webkit.org/changeset/55114
CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35621
NOTE: http://trac.webkit.org/changeset/55462
NOTE: http://trac.webkit.org/changeset/55465
CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=26868
NOTE: http://trac.webkit.org/changeset/46068
CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: http://trac.webkit.org/changeset/55203
NOTE: http://trac.webkit.org/changeset/55212
CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=33683
NOTE: http://trac.webkit.org/changeset/53607
CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34641
NOTE: http://trac.webkit.org/changeset/56297
CVE-2010-1391 (Multiple directory traversal vulnerabilities in the (a) Local Storage ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36243
NOTE: http://trac.webkit.org/changeset/56139
CVE-2010-1390 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=29078
NOTE: http://trac.webkit.org/changeset/49487
CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=30019
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34148
NOTE: https://bugs.webkit.org/show_bug.cgi?id=33970
@@ -3310,7 +3311,7 @@
NOTE: http://trac.webkit.org/changeset/47829
CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in Apple ...)
- webkit 1.2.1-2
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34321
NOTE: http://trac.webkit.org/changeset/54129
NOTE: http://trac.webkit.org/changeset/54141
@@ -3318,7 +3319,7 @@
CVE-2010-1386
RESERVED
- webkit 1.2.1-3
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255
NOTE: http://trac.webkit.org/changeset/56188
CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X ...)
More information about the Secure-testing-commits
mailing list